
Wednesday, November 29, 2006

Last night Hugh Brien gave an interesting presentation on An Introduction to Tenant Based Software. By this he meant that applications live as a “tenant” in a larger infrastructure. He used Salesforce to illustrate how Software as a Service could be offered in such a way that individual users could use it to build their own custom applets. (Or at least that is how I understood him.) I will be writing more about his presentation next week.

Miller said he had been an early advocate of web services, having persuaded his previous employer, Proxicom, to offer web services.

Miller emphasized that security is a fundamental attribute of an application, not something you add on to application software after you have finished building it.

He said that SOA can be defined in terms of technology or in terms of architecture. Currently, Gartner has a chart that shows SOA at the height of its curve of adoption, suggesting that a crash is imminent. Miller said that this was probably true of SOA as a technology, but that SOA as an architectural topology is inevitable.

Here, Miller gave an outline of the history of IT architecture:
1) unconnected systems
2) spaghetti architecture -- point to point connectivity
3) hub and spoke -- data warehouse at the center
4) data bus -- moving data around with technologies like EAI
5) application bus -- SOA: robust standards

Miller described SOA as a continuing initiative; no one builds an organization around it.

SOA can be understood as a bunch of web services with a bus providing connectivity. Each web service does something small (such as extract the balance of an account); the application orchestrates the services through business logic.

Miller predicted that the web services part of this will be outsourced, with the bus and process logic done locally, because that is the more agile approach.

In a SOA system, the points of connectivity are points of vulnerability. Here, Miller said that software breaks more than anything else, that “crap” is the technical term.

Here, a member of the audience pointed out that network software is simpler than application software. Miller agreed that this is true, but said that network software offers lessons for application software.

Miller said currently we don’t manage monitoring well in application software and that SOA facilitates monitoring by watching how often the bus calls for which web service and how the web service is used.

He said the industry has gotten over the point where everybody thought they could own the universe; we are now getting vendor independent standards. Here, he showed a diagram representing SOA structure:

[Diagram: client, presentation, logic, infrastructure service]

Miller said SOA succeeds because of the business imperative. With the Internet we already have ubiquitous connectivity. The Internet has also pushed us towards vendor independent standards.

The essential vulnerability in SOA is all the points of connection (between the individual web services, the bus, and the application).

Here, Miller offered a brief survey of the different approaches to security by the two standards organizations: W3C and OASIS.

Miller said that message uniqueness is profound in SOA; how do you know you haven’t seen this message before? For example, you could send a message, “give me $100” and then keep repeating that message. The software has to know it has already received the message. The insertion of a nonce is one way to address this.
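The nonce check described above, as an added example that is not from Miller's presentation: a bus-side guard that authenticates each message, bounds its age, and rejects any nonce it has already processed. The class and field names are hypothetical, and it assumes the client and the bus share an HMAC key (in `demo()` the guard's own `sign` stands in for the client).

```python
import hashlib
import hmac
import json

class BusReplayGuard:
    """Bus-side check (hypothetical names): authenticate, bound freshness, reject repeats."""
    def __init__(self, key, window_s=300):
        self.key, self.window_s = key, window_s
        self.seen = {}      # (sender, nonce) -> message timestamp
        self.counts = {}    # verdict -> count, a hook for monitoring

    def _mac(self, sender, nonce, ts, body):
        # JSON list encoding keeps field boundaries unambiguous.
        data = json.dumps([sender, nonce, ts, body]).encode()
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def sign(self, sender, nonce, ts, body):
        return {"sender": sender, "nonce": nonce, "ts": ts, "body": body,
                "mac": self._mac(sender, nonce, ts, body)}

    def _verdict(self, msg, now):
        expected = self._mac(msg["sender"], msg["nonce"], msg["ts"], msg["body"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad_mac"        # a field was altered after signing
        if abs(now - msg["ts"]) > self.window_s:
            return "stale"          # outside the window the nonce cache covers
        if (msg["sender"], msg["nonce"]) in self.seen:
            return "replay"         # authentic and fresh, but already processed
        self.seen[(msg["sender"], msg["nonce"])] = msg["ts"]
        return "accepted"

    def accept(self, msg, now):
        # Entries older than the window can go: the stale check rejects them.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window_s}
        verdict = self._verdict(msg, now)
        self.counts[verdict] = self.counts.get(verdict, 0) + 1
        return verdict

def demo():
    bus = BusReplayGuard(key=b"constructed-demo-key")
    t0 = 1_000_000                                   # constructed clock value
    pay = bus.sign("client-a", "n-001", t0, "give me $100")
    forged = dict(pay, nonce="n-002")                # captured copy, nonce swapped
    again = bus.sign("client-a", "n-003", t0 + 5, "give me $100")
    return [bus.accept(pay, now=t0 + 1),             # first delivery
            bus.accept(pay, now=t0 + 2),             # same message re-sent
            bus.accept(forged, now=t0 + 3),          # MAC no longer matches
            bus.accept(again, now=t0 + 6),           # genuine second request
            bus.accept(pay, now=t0 + 900)]           # re-sent after cache expiry
```

The nonce has to be covered by the MAC, otherwise changing it on a captured copy would defeat the cache; the timestamp window is what lets the cache stay bounded.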

Miller was emphatic that SOA does not obviate the need for software security. Here, he offered another slide illustrating the reality of SOA architecture:

He made the point that most SOA systems involve Big Ugly Legacy Applications. Loops that go past the bus, usually tying Big Ugly Legacy Applications to the system, are vulnerabilities. I asked if the value of web services is not precisely because they glue together big ugly legacy applications. Miller agreed that this was so.

Miller said that the things that make code ugly are bug fixes; clean code is code that has not been debugged.

Miller listed the factors driving emerging technology as bandwidth, processor speed, memory (RAM), and storage media. He pointed out that his digital camera has a 128 MB flash card. He also said that distributed storage technology was the most unexploited technology.

Note - in an email sent after the presentation, Miller said, “Web service security can be enforced in two ways -- the infrastructure can enforce rules for publication and subscription, or individual services can enforce security based on message tokens. Both can be useful. From the perspective of elegant design, I like to embed the security in the infrastructure / messaging layer rather than leaving it to the author of the individual service. It is easier to monitor it there, and I firmly believe that monitoring is a fundamental aspect of web service security.”

Wednesday, November 22, 2006

Dr. Jim X. Chen offered a survey of the research projects at the computer graphics laboratory at George Mason University. I have read a great deal about virtual reality, but this was the first time I had heard from someone actively working in the field.

Chen opened his presentation with a description of his work on the simulation of fluids. He explained that fluid dynamics is too complicated to simulate, but a simplified model achieves the same effect. With his model he was able to simulate the waves created by the back of a boat. Similar concepts were employed in simulating the dispersal of dust created by a car driving across the desert.

Next, Chen described his work in what he called edutainment - learning through playing. Chen builds systems that use virtual reality to teach real world concepts. For example, students see a visual representation of a magnetic field to understand how magnetic fields work. Animations create physical representations of physics equations, helping students retain knowledge. Multi-User Virtual Environments (MUVEs) allow students to explore digital museums.

Chen has built a system for creating custom models for knee surgery visualization. First, a virtual model is built from MRI images. This is important, because MRI images are in black and white. Then, calculations are made for the forces on the joint. Then, a virtual model can be created for surgery visualization. This allows a surgeon to visualize the surgery before it is done on the actual patient.

Building a virtual ear surgery system, including temporal bone construction, is more complicated. Because of the fine detail, it is not practical to use MRI images. An actual specimen was used to create a virtual model. A haptic device allows surgeons to train in a virtual environment.

Chen described his virtual human anatomy and surgery system. Students can see cross sections of entire systems (skeleton, nerves, etc.) in natural color. There is a human parts browser to assist study.

For the blind, the only solution is for each image to be labeled with an accurate description for the screen reader to say aloud. But few Web site designers do that.

That is why researchers are studying ways to tap the powers of the Web to have ordinary users label great numbers of images. Asking people to label image after image, however, is asking them to become bored quickly. To make it less tedious and more fun, Luis von Ahn, a computer science professor at Carnegie Mellon University, has created the ESP Game.

Two random visitors to ESPGame.org are matched up and shown a random image, which they are asked to label. They cannot communicate. When both provide the same label, they win points. At the same time, computers are associating words with images, a valuable service for the blind.

During the Clinton administration the federal government required all federal websites to be handicapped accessible. It is just a question of time before all American businesses are required to have accessible websites. Don’t wait for the government to hit you over the head. Be a good guy, adapt your website so it is accessible.

Note - I know Blogger blogs are not accessible. It is one of the many reasons I don’t like Blogger.

Thursday, November 09, 2006

It is precisely because politicians are doing this openly. Not only is this reported on an American politician’s FEC disclosure form, hiring bloggers is publicly announced. Bloggers write for the campaign’s official blog or disclose their relationship on their blog; sometimes a disclaimer statement appears at the end of each post. There is no question of sailing under false colors.

The Talis Community License aims to describe a more flexible, Web-friendly set of database rights than the current legal default, just as the Creative Commons License offers an alternative to traditional copyright protection and the GPL offers an alternative to restrictive software licenses. Talis is the brainchild of Ian Davis, a developer and technical lead of the research group at library software vendor Talis; he released a draft of the license in April.

As companies and individuals wake up to the implications of who controls their data, the importance of this issue will continue to grow.

Wednesday, November 08, 2006

For companies worried about how consumers and activists view their business practices, these new media channels present a fresh challenge, undermining a traditional command-and-control approach to corporate communication and reputation management.

If you are running a profitable company you must have happy customers. Some of them are probably blogging about their positive experiences. A check of Technorati may reveal pleasant surprises.

Firefox and GMail are two examples of products that benefited from blogger evangelism. PR shouldn’t be so afraid of the big bad blogosphere.

Tuesday, November 07, 2006

Today the Board of Elections in all fifty states is coordinating a statewide network of election officers, voting machines, and all the logistics of democracy. They will be doing so in an atmosphere of unprecedented suspicion. This is long and difficult work. In Virginia election officers must arrive at the polls by 6:00 AM and stay until the votes are counted.

Throughout the day local boards will field questions and deal with the inevitable controversies of what after all is a contest of power. The level of tension is very high.

After the polls close, their websites' traffic will spike. Civil service IT personnel have been working hard, testing their systems to prepare for the flood of traffic.

Monday, November 06, 2006

Ever since the 2002 election serious questions have been raised about the reliability and security of the e-voting machines. Last Thursday HBO ran a documentary about the problems with Diebold. Now Hacking Democracy is available online.

These companies have consistently failed to address the concerns raised by their critics. Indeed they could not have conducted themselves worse were it their purpose to dirty their reputation. Whatever profit they derive from the sales of these systems cannot possibly be worth the damage to their corporate reputations.

Friday, November 03, 2006

Integration has been the Holy Grail in information technology from the time the second program was written. Over time we have explored several different architectural models for integration and many different technologies. The scrap heap of IT history is littered with approaches that failed technically and technically brilliant approaches that did not capture the market. Despite a long history of failure, we have doggedly pursued the objective, because the imperative for integration is compelling and the cost of failing to integrate is overwhelming.

We are now driving to integration through SOA. Through the evolution of ubiquitous connectivity based on internet protocols and vendor-independent standards with integration we are seeing much greater success than in prior efforts. SOA works, the case is compelling, and the rush is on. There are challenges, however. First, there are degrees of SOA, with huge implications in terms of cost, performance, and risk. Second, building SOA requires fundamental changes in organizations and processes. Focusing only on the technology is a prescription for failure. Finally, SOA is a very different animal from a technical perspective. The standard point of attack on a system is at the interfaces, and SOA is all about interfaces. SOA is a target-rich environment.

Craig Miller will talk about his experiences in building SOA at the enterprise scale. He will talk about his personal experience with a small pharmaceutical company (Cubist), a large health insurance company (Wellpoint) and ongoing work with a large internet security brokerage. All defined and approached SOA in their own way.

"The Troubling Trends of Federal Procurement." That title for the procurement policy survey published by the trade association Professional Services Council (PSC) and accounting firm Grant Thornton says it all. Thanks to conflicting strategic procurement initiatives, an insufficient workforce and skepticism from government agencies about collaboration with the private sector, federal procurement faces challenging times.

For the third time since 2002, PSC and Grant Thornton surveyed federal officials about their views on procurement policies and practices. Respondents included 37 representatives from myriad civilian and defense agencies. ...

... According to the Federal Procurement Data System, government purchased more than $374 million in goods and services in 2005, which equals about 45 percent of the annual discretionary budget. That's compared to $200 billion five years earlier. Such a market swell has left the acquisition community scrambling to adjust, often without necessary resources or support from those on Capitol Hill. The number of acquisition professionals in 2005 was 125,779, a 10 percent decrease from 1996, despite a 108 percent increase in dollars spent on purchases and 2 million more transactions completed.

This is an excellent article which explains how one goal can conflict with another.